Fortinet VPN leak: 500,000 account credentials leaked online


A threat actor allegedly scraped nearly 500,000 Fortinet VPN user credentials from unsecured devices, then shared them on his newly launched hacker forum.

The leaker claims that the stolen user credentials, many of which are allegedly still valid, were acquired last summer by accessing unprotected devices and exploiting a Fortinet VPN vulnerability that has since been patched.

The leaked archive itself contains 498,908 usernames and passwords scraped from 12,856 devices.

ADVERTISEMENT

According to BleepingComputer, the author of the leak is known as ‘Orange’ and is a former member of the Babuk ransomware gang and the current administrator of the recently launched RAMP hacker forum where the leak was posted for free, presumably in order to promote the new forum.

Following the posting of the leak on Tuesday, the RAMP hacker forum, hosted on a domain associated with the Babuk ransomware gang, is now down, with only the 7.5 MB leak file still left accessible to visitors.

RAMP hacker forum down

Meanwhile, the leaked Fortinet VPN archive has already appeared on other hacker forums, which means that its spread throughout threat actor communities is all but guaranteed.

Fortinet VPN leak on Raidforums

It was also posted on the leak site of the Groove ransomware group, potentially indicating that the threat actors attempted to extort Fortinet VPN before sharing the user credentials online.

Not the first Fortinet VPN leak

This is not the first time Fortinet VPN user credentials have been exposed by threat actors - a list of 50,000 usernames, passwords and unmasked IP addresses was shared online last year, presumably acquired by exploiting the same vulnerability in the VPN provider’s code.

ADVERTISEMENT

Virtual private networks (VPNs) are privacy tools designed to, among other things, protect the anonymity of their users by keeping their web activity encrypted. Having their VPN credentials compromised by threat actors is a massive blow to both the security and privacy of nearly half a million Fortinet users.

By accessing their VPN accounts, threat actors are able to steal their data and potentially infiltrate their networks, install malware and ransomware on their devices, and more.

If you have a Fortinet VPN account, we strongly recommend you change your account password immediately. Make sure to use a strong and complex password that would not be easy to de-hash or brute-force. Or, better yet, switch to a secure and reputable VPN provider.

To see if any of your online accounts were exposed in previous security breaches, use our personal data leak checker with a library of 15+ billion breached records.


More from CyberNews:

Want access to corporate networks? That’ll cost $1,000

The LockBit 2.0 ransomware attack against Accenture

AT&T database of 70 million users sold on hacker forum

AMD and Intel confidential data leaked online after GIGABYTE ransomware attack

Subscribe to our newsletter

ADVERTISEMENT